There is a server running in the LAN and port redirection is used to make it accessible from the internet.
To make this redirection work for clients on the LAN too you have to add an additional NAT rule as suggested in PF FAQ.
If redirection rules are generated by relayd
do the following to add an additional NAT rule:
- Modify the relevant redirection section in
relayd.conf
to match and tag packets (see example below). - Add the necessary rules for tagged packets (see example below) following the
relayd/*
anchor inpf.conf
.